Supply Chain Security Inside and Out

3 minute read time

Every organization needs to safeguard their SDLC. Take a look at two key aspects of ensuring external and internal security for your software supply chain.

Protecting Software Developers from Malware with AI/ML Insights

By Mandeep Singh on April 20, 2023 featured

5 minute read time

Developer-targeted malware is a complex and difficult problem. A look at what tools and information are needed to reduce risk in your development pipeline.

Sonatype Repository Firewall is an Easy Solution for a Big Problem

6 minute read time

Discover Sonatype Repository Firewall's AI-driven protection for SDLCs, blocking malicious components and ensuring a more secure software supply chain.

PyPI Package 'secretslib' Drops Fileless Linux Malware to Mine Monero

By Ax Sharma on August 11, 2022 vulnerabilities

7 minute read time

Sonatype identified a 'secretslib' PyPI package that covertly installs cryptominers on Linux systems.

Python Packages Upload Your AWS Keys, env vars, Secrets to the Web

By Ax Sharma on June 23, 2022 vulnerabilities

5 minute read time

Multiple Python packages caught by Sonatype were seen uploading secrets such as AWS keys and environment variables to a web endpoint.

New 'pymafka' Malicious Package Drops Cobalt Strike on macOS, Windows, Linux

By Ax Sharma on May 20, 2022 vulnerabilities

5 minute read time

The 'pymafka' PyPI package is filled with trojans targeting Windows, macOS & Linux users and appears to typosquat the popular PyKafka.

Open Source Attacks on the Rise: Top 8 Malicious Packages Found in npm

By Ax Sharma on June 08, 2021 featured

10 minute read time

We're rounding up the top 8 malicious cyber attacks on npm that Sonatype has discovered with its next-gen open source security and malware detection tool.

New Language? No Problem. New Ecosystems in Sonatype Lifecycle and Repository Firewall

By Alyssa Shames on May 13, 2020 Product

5 minute read time

New ecosystems added to Sonatype Lifecycle and Repository Firewall: Alpine, Bower, Cargo, CocoaPods, Conda, Conan, Composer, CRAN, Debian, Drupal & rpm.

Sonatype Repository Firewall Now Supports JFrog Artifactory Customers

By Michelle Dufty on February 28, 2019 artifact repository

1 minute read time

Artifactory customers can now protect their perimeter from risky open source with Sonatype Repository Firewall.